LinkedIn Login Integration Kit

LinkedIn IdP Adapter settings

Table 1. Standard fields
Field Name Description

Client ID

(API Key on PingFederate 8.x and earlier)

The client ID that you noted in Register PingFederate as a Microsoft Application.

This field is required.

Client Secret

(Secret Key on PingFederate 8.x and earlier)

The client secret that you noted in Register PingFederate as a Microsoft Application.

This field is required.

Permissions

The combined scopes of authority that PingFederate and the application want to request from the LinkedIn member.

These permissions determine which LinkedIn attributes can be added in the Attributes section of the IdP Adapter screen.

Use a space to separate multiple permissions.

Type one or more of the following:

r_liteprofile

The ability read the member’s user ID, first name, last name, maiden name, and profile picture.

If you include this permission, the LinkedIn User Data v2 URL field is required.

See Lite Profile Fields in the LinkedIn API documentation.

r_fullprofile

The ability to read the member’s liteprofile attributes and 25 other attributes.

If you include this permission, the LinkedIn User Data v2 URL field is required.

See Full Profile Fields in the LinkedIn API documentation.

r_emailaddress

The ability read the member’s email address.

If you include this permission, the LinkedIn User Email v2 URL field is required. Select the Retrieve email check box, and add email to your extended contract.

See Sign In with LinkedIn in the LinkedIn API documentation. w_member_social

The ability to create a LinkedIn post on a behalf of the member.

If you include this permission, the LinkedIn User Data v2 URL field is required.

See Share on LinkedIn in the LinkedIn API documentation.

The default value is r_liteprofile.

Error Redirect URL

Optional. The URL of a custom page that displays when PingFederate receives an error response from LinkedIn. This URL can contain query parameters. The URL has an errorMessage query parameter appended to it that contains a brief description of the error.

If this field is blank, users will see a generic error page.

For information about using custom pages, see Customizable user-facing screens in the PingFederate documentation.

This field is blank by default.

Unauthorized Redirect URL

Optional. The URL of a custom page that displays when PingFederate receives a response from LinkedIn that says the user declined the authorization request. This URL can contain query parameters.

If no URL is specified, users will see a default error page.

For information about using custom pages, see Customizable user-facing screens in the PingFederate documentation.

This field is blank by default.

Callback Endpoint

The PingFederate endpoint that LinkedIn uses to respond to authorization requests. If you set a custom endpoint in Register PingFederate as a Microsoft Application, change this field to match.

This default value is /linkedin-authn.

Advanced fields
Field Name Description

PingFederate Base URL

Optional: The fully-qualified host name, port, and path (if applicable) of the PingFederate server. For example, https://sso.example.com:9031.

This field affects the redirect URL set in the Register PingFederate as a Microsoft Application step.

If this override field is blank, the URL is determined automatically.

This field is blank by default.

LinkedIn Authentication v2 URL

The LinkedIn API endpoint that PingFederate uses to get the verification codes.

The default value is https://www.linkedin.com/oauth/v2/authorization

LinkedIn Access Token v2 URL

The LinkedIn API endpoint that PingFederate uses to get access tokens.

The default value is https://www.linkedin.com/oauth/v2/accessToken

Retrieve Email

When selected, PingFederate makes a separate call to the LinkedIn User Email V2 URL to get the user’s email address.

If you included r_emailaddress in the Permissions field, select this check box, and add email to your extended contract.

This check box is cleared by default.

LinkedIn User Email V2 URL

The LinkedIn API endpoint that PingFederate uses to get user email addresses.

This field is required if you have selected Retrieve email.

The default value is

https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))

LinkedIn User Data v2 URL

The LinkedIn API endpoint that PingFederate uses to get user attributes for the r_liteprofile and r_fullprofile permissions.

This field is optional if you have selected Retrieve email.

The default value is

https://api.linkedin.com/v2/me

Retry Request

Determines whether PingFederate will retry requests after it receives a response with a failure code.

This check box is selected by default.

Maximum Retries Limit

Determines how many times PingFederate will retry a request.

The default value is 5.

Retry Error Codes

Determines which response codes are considered failures.

The default value is 429.

API Request Timeout

The amount of time in milliseconds that PingFederate allows when establishing a connection with LinkedIn or waiting for a response to a request. A value of 0 disables the timeout.

The default value is 5000.

Proxy Settings

Defines proxy settings for outbound HTTP requests.

The default value is System Defaults.

Custom Proxy Host

The proxy server host name to use when Proxy Settings is set to Custom.

This field is blank by default.

Custom Proxy Port

The proxy server port to use when Proxy Settings is set to Custom.

This field is blank by default.